Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: p1@arkham.wimsey.bc.ca (Rob Slade) Newsgroups: comp.virus Subject: Virucide query (PC) Message-ID: <0007.9105011240.AA25914@ubu.cert.sei.cmu.edu> Date: 30 Apr 91 01:43:51 GMT Sender: Virus Discussion List Lines: 28 Approved: krvw@sei.cmu.edu AL380382@VMTECCHI.BITNET (Ramon Bartschat) writes: > A friend of mine was using the VIRUCIDE program, so I copied it > to try it out, but when I got home and scanned it with SCAN V67 the > program told me that VIRUCIDE was compressed with LZEXE and that it > was infected internally with the Kennedy Virus and with the 12 Tricks > Troyan Horse. I could never find out any unusual behaviour in > VIRUCIDE. So what's wrong with VIRUCIDE ???? Right now I got a > secured copy of VIRUCIDE, in case it's really infected with Kennedy & > 12 Tricks. Copied it, eh? Well, we'll let that pass for the moment ... You will have noticed that VIRUCIDE is, in fact, a McAfee Associates product, for all that it is marketted by Parsons Tech. Therefore, the signature strings used in VIRUCIDE will be very close to those used in SCAN, and that is likely to cause the program to give some false positives. There is nothing ~wrong with either program, at least not as indicated by waht you saw. Why it said VIRUCIDE was compressed is a new one on me. ============= Vancouver p1@arkham.wimsey.bc.ca | "Don't buy a Institute for Robert_Slade@mtsg.sfu.ca | computer." Research into (SUZY) INtegrity | Richards' First User Canada V7K 2G6 | Law of Data Security | Security